apegurus/flash-loan-attacks

<!-- Source: DeFiFoFum/fofum-solidity-skills (MIT) --> <!-- Source: kadenzipfel/smart-contract-vulnerabilities (MIT) -->

Flash Loan Attack Exploits

Overview

Flash loans enable borrowing massive amounts with zero collateral, repaid within the same transaction. Attackers use this capital to:

• Manipulate prices
• Exploit governance
• Amplify arbitrage
• Attack economic assumptions

Key insight: Any assumption about "no one would have $100M" is broken by flash loans.

---

Attack Patterns

1. Price Manipulation

1. Flash borrow $100M
2. Swap to move AMM price
3. Interact with victim (borrow, liquidate, swap)
4. Swap back
5. Repay flash loan
6. Profit

2. Governance Attacks

1. Flash borrow governance tokens
2. Create proposal or vote
3. If snapshot-based: exploit timing
4. Return tokens

// VULNERABLE: Instant voting power
function vote(uint256 proposalId, bool support) external {
    uint256 votes = token.balanceOf(msg.sender);  // Current balance!
    proposals[proposalId].votes += votes;
}

// SECURE: Historical voting power
function vote(uint256 proposalId, bool support) external {
    uint256 votes = token.getPastVotes(msg.sender, proposals[proposalId].snapshot);
    proposals[proposalId].votes += votes;
}

3. Reentrancy Amplification

Flash loans amplify reentrancy by providing initial capital:

1. Flash loan large amount
2. Deposit into vulnerable protocol
3. Reenter to drain more than deposited
4. Repay loan with profits

4. Collateral Manipulation

1. Flash loan collateral asset
2. Deposit as collateral in lending protocol
3. Borrow maximum against it
4. Manipulate collateral price down
5. Abandon position (bad debt)

---

Real Exploits

Euler Finance (Mar 2023) — $197M

What happened:

• Attacker exploited donateToReserves() function
• Flash loaned DAI, created leveraged position
• Used donate function to inflate debt without updating health
• Triggered liquidation at favorable rate

Root cause: donateToReserves() increased liabilities without proper health check

Lesson: All state-changing functions must maintain invariants.

Cream Finance (Oct 2021) — $130M

What happened:

• Attacker used flash loan to manipulate yUSD price
• Created fake collateral value through price oracle manipulation
• Borrowed real assets against fake collateral

Root cause: Oracle manipulation + flash loan capital

Beanstalk (Apr 2022) — $182M

What happened:

• Attacker flash loaned governance tokens (BEAN + LP)
• Achieved quorum for malicious proposal
• Proposal drained treasury
• All in one transaction

Root cause: No time delay between proposal and execution

Lesson: Governance needs timelocks AND snapshot-based voting.

Pancake Bunny (May 2021) — $45M

What happened:

• Flash loaned BNB
• Manipulated BUNNY/BNB price
• Minted excessive BUNNY tokens at wrong price
• Dumped and repaid

Root cause: Flash-loan-vulnerable price calculation

---

Detection Checklist

• [ ] Does the protocol assume capital constraints ("no one has $100M")?
• [ ] Can governance actions occur in same block as token acquisition?
• [ ] Does the protocol use spot prices? (See oracle.md)
• [ ] Are there any actions profitable only with large capital?
• [ ] Can positions be opened and closed in same transaction profitably?
• [ ] Is collateral value determined at time of borrow?
• [ ] Are there timelocks on sensitive operations?
• [ ] Does the protocol track historical balances for voting?

Flash Loan Sources

Attackers can source flash loans from:

• Aave — Largest, 0.09% fee, many assets
• dYdX — No fee (technically flash + repay)
• Uniswap V2/V3 — Flash swaps, 0.3% fee
• Balancer — Flash loans, dynamic fee
• Maker — DAI flash mint (up to debt ceiling)

Combined capital: $10B+ available in single transaction

Secure Patterns

Snapshot-Based Governance

// ERC20Votes pattern
mapping(address => Checkpoint[]) private _checkpoints;

function getPastVotes(address account, uint256 blockNumber) public view returns (uint256) {
    require(blockNumber < block.number, "Block not yet mined");
    return _checkpointsLookup(_checkpoints[account], blockNumber);
}

Time-Delayed Actions

uint256 public constant TIMELOCK = 2 days;
mapping(bytes32 => uint256) public pendingActions;

function queueAction(bytes32 actionHash) external onlyGovernance {
    pendingActions[actionHash] = block.timestamp + TIMELOCK;
}

function executeAction(bytes32 actionHash) external {
    require(pendingActions[actionHash] != 0, "Not queued");
    require(block.timestamp >= pendingActions[actionHash], "Timelock");
    delete pendingActions[actionHash];
    // Execute
}

Flash Loan Guards

// Detect if called within flash loan context
modifier noFlashLoan() {
    require(
        block.number > lastDepositBlock[msg.sender],
        "Same block"
    );
    _;
}

---

References

• Flash Loan Attack Taxonomy (Arxiv)
• Beanstalk Exploit Analysis
• Euler Exploit (BlockSec)